Firefox 3.5 (Font tags) Remote Buffer Overflow actively being exploited.
July 16th, 2009. Published under My Recent Reads. No Comments.
pulled from Google Reader (click on title for original post)
After doing my usual digging through my list of malicious urls for the morning I came across a site that is actively exploiting the new Firefox vuln using the exploit written by Simon Berry-Byrne. It uses a standard heapspray technique for code exec. The site that is hosting this exploit appears to be a legitimate site that was compromised. It looks like a RFI may have been used to drop the file on the site. The page located at /img/icons/f.htm is a direct copy of the milw0rm code. They did not even bother to remove any of the comments. A simple download-and-execute payload is used.